.\"
.\" The contents of this file are subject to the terms of the
.\" Common Development and Distribution License (the "License").
.\" You may not use this file except in compliance with the License.
.\"
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
.\" or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions
.\" and limitations under the License.
.\"
.\" When distributing Covered Code, include this CDDL HEADER in each
.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
.\" If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying
.\" information: Portions Copyright [yyyy] [name of copyright owner]
.\"
.\"
.\" Copyright 1989 AT&T
.\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2016 Nexenta Systems, Inc.
.\" Copyright 2020 Joyent, Inc.
.\" Copyright 2022-2024 RackTop Systems.
.\"
.Dd March 23, 2024
.Dt NFS 5
.Os
.Sh NAME
.Nm nfs
.Nd NFS configuration properties
.Sh DESCRIPTION
The behavior of the
.Xr nfsd 8 ,
.Xr nfsmapid 8 ,
.Xr lockd 8 ,
and
.Xr mountd 8
daemons and
.Xr mount_nfs 8
command is controlled by property values that are stored in the Service
Management Facility, smf(7).
The
.Xr sharectl 8
command should be used to query or change values for these properties.
.Pp
Changes made to
.Nm
property values on the
.Nm nfsd ,
.Nm lockd ,
.Nm mountd ,
or
.Nm mount_nfs
command line override the values set using
.Xr sharectl 8 .
.Pp
The following list describes the properties:
.Bl -tag -width Ds
.It Xo
.Sy client_versmin Ns = Ns Ar num
.br
.Sy client_versmax Ns = Ns Ar num
.Xc
The NFS client only uses NFS versions in the range specified by these
properties.
Valid values of versions are: 2, 3, and 4.
Default minimum version is
.Li 2 ,
while default maximum is
.Li 4 .
.Pp
You can override this range on a per-mount basis by using the
.Fl o Sy vers Ns =
option to
.Xr mount_nfs 8 .
.It Xo
.Sy server_versmin Ns = Ns Ar num
.br
.Sy server_versmax Ns = Ns Ar num
.Xc
The NFS server only uses NFS versions in the range specified by these
properties.
Valid values of versions are: 2, 3, 4, 4.0, 4.1 and 4.2.
Version 4 is an alias for 4.0.
Default minimum version is
.Li 2 ,
while the default maximum version is
.Li 4 .
.It Sy server_delegation Ns = Ns Sy on Ns | Ns Sy off
By default the NFS server provides delegations to clients.
The user can turn off delegations for all exported filesystems by setting this
variable to
.Li off .
This variable only applies to NFS Version 4.
.It Sy nfsmapid_domain Ns = Ns Op Ar string
By default, the
.Nm nfsmapid
uses the DNS domain of the system.
This setting overrides the default.
This domain is used for identifying user and group attribute strings in the NFS
Version 4 protocol.
Clients and servers must match with this domain for operation to proceed
normally.
This variable only applies to NFS Version 4.
See
.Sx Setting nfsmapid_domain
below for further details.
.It Sy max_connections Ns = Ns Ar num
Sets the maximum number of concurrent, connection-oriented connections.
The default is
.Li -1
.Pq unlimited .
Equivalent to the
.Fl c
option in
.Nm nfsd .
.It Sy listen_backlog Ns = Ns Ar num
Set connection queue length for the NFS over a connection-oriented transport.
The default value is
.Li 32 ,
meaning 32 entries in the queue.
Equivalent to the
.Fl l
option in
.Nm nfsd .
.It Sy protocol Ns = Ns Op Sy all Ns | Ns Ar protocol
Start
.Nm nfsd
over the specified protocol only.
Equivalent to the
.Fl p
option in
.Nm nfsd .
.Sy all
is equivalent to
.Fl a
on the
.Nm nfsd
command line.
Mutually exclusive of
.Sy device .
For the UDP protocol, only version 2 and version 3 service is established.
NFS Version 4 is not supported for the UDP protocol.
.It Sy device Ns = Ns Op Ar devname
Start NFS daemon for the transport specified by the given device only.
Equivalent to the
.Fl t
option in
.Nm nfsd .
Mutually exclusive of
.Sy protocol .
.It Sy servers Ns = Ns Ar num
Maximum number of concurrent NFS requests.
Equivalent to last numeric argument on the
.Nm nfsd
command line.
The default is
.Li 1024 .
.It Sy lockd_listen_backlog Ns = Ns Ar num
Set connection queue length for
.Nm lockd
over a connection-oriented transport.
The default and minimum value is
.Li 32 .
.It Sy lockd_servers Ns = Ns Ar num
Maximum number of concurrent
.Nm lockd
requests.
The default is 256.
.It Sy lockd_retransmit_timeout Ns = Ns Ar num
Retransmit timeout, in seconds, before
.Nm lockd
retries.
The default is
.Li 5 .
.It Sy grace_period Ns = Ns Ar num
Grace period, in seconds, that all clients
.Pq both NLM and NFSv4
have to reclaim locks after a server reboot.
This parameter also controls the NFSv4 lease interval.
The default is
.Li 90 .
.It Sy mountd_listen_backlog Ns = Ns Ar num
Set the connection queue length for
.Nm mountd
over a connection-oriented transport.
The default value is
.Li 64 .
.It Sy mountd_max_threads Ns = Ns Ar num
Maximum number of threads for
.Nm mountd .
The default value is
.Li 16 .
.It Sy mountd_port Ns = Ns Ar num
The IP port number on which
.Nm mountd
should listen.
The default value is
.Li 0 ,
which means it should use a default binding.
.It Sy mountd_remote_dump Ns = Ns Ar boolean
Should
.Nm mountd
respond to remote
.Sy MOUNTPROC_DUMP
queries to read the list of remote mounts.
The default value is
.Li false ,
which means only queries from local host will be allowed.
.It Sy statd_port Ns = Ns Ar num
The IP port number on which
.Nm statd
should listen.
The default value is
.Li 0 ,
which means it should use a default binding.
.El
.Ss Setting nfsmapid_domain
As described above, the setting for
.Sy nfsmapid_domain
overrides the domain used by
.Xr nfsmapid 8
for building and comparing outbound and inbound attribute strings, respectively.
This setting overrides any other mechanism for setting the NFSv4 domain.
In the absence of a
.Sy nfsmapid_domain
setting, the
.Xr nfsmapid 8
daemon determines the NFSv4 domain as follows:
.Bl -bullet
.It
If a properly configured
.Pa /etc/resolv.conf
.Po see
.Xr resolv.conf 5
.Pc
exists,
.Nm nfsmapid
queries specified nameserver(s) for the domain.
.It
If a properly configured
.Pa /etc/resolv.conf
.Po see
.Xr resolv.conf 5
.Pc
exists, but the queried nameserver does not have a proper record of the domain
name,
.Nm nfsmapid
attempts to obtain the domain name through the BIND interface
.Po see
.Xr resolver 3RESOLV
.Pc .
.It
If no
.Pa /etc/resolv.conf
exists,
.Nm nfsmapid
falls back on using the configured domain name
.Po see
.Xr domainname 8
.Pc ,
which is returned with the leading domain suffix removed.
For example, for
.Li widgets.sales.example.com ,
.Li sales.example.com
is returned.
.It
If
.Pa /etc/resolv.conf
does not exist, no domain name has been configured
.Po or no
.Pa /etc/defaultdomain
exists
.Pc ,
.Nm nfsmapid
falls back on obtaining the domain name from the host name, if the host name
contains a fully qualified domain name
.Pq FQDN .
.El
.Pp
If a domainname is still not obtained following all of the preceding steps,
.Nm nfsmapid
will have no domain configured.
This results in the following behavior:
.Bl -bullet
.It
Outbound
.Qq owner
and
.Qq owner_group
attribute strings are encoded as literal id's.
For example, the UID 12345 is encoded as
.Li 12345 .
.It
.Nm nfsmapid
ignores the
.Qq domain
portion of the inbound attribute string and performs name service lookups only
for the user or group.
If the user/group exists in the local system name service databases, then the
proper uid/gid will be mapped even when no domain has been configured.
.Pp
This behavior implies that the same administrative user/group domain exists
between NFSv4 client and server (that is, the same uid/gid's for users/groups
on both client and server).
In the case of overlapping id spaces, the inbound attribute string could
potentially be mapped to the wrong id.
However, this is not functionally different from mapping the inbound string to
.Sy nobody ,
yet provides greater flexibility.
.El
.Sh ZONES
NFS can be served out of a non-global zone.
All of the above documentation applies to an in-zone NFS server.
File sharing in zones is restricted to filesystems a zone completely controls.
Some zone brands (see
.Xr brands 7 )
do not give the zone's root its own filesystem, for example.
Delegated ZFS datasets to a zone are shareable, as well as lofs-remounted
directories.
The zone must have sys_nfs privileges; most brands grant this already.
.Sh SEE ALSO
.Xr brands 7 ,
.Xr smf 7 ,
.Xr zones 7 ,
.Xr lockd 8 ,
.Xr mount_nfs 8 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr nfsmapid 8 ,
.Xr sharectl 8
